I'm having problems correctly setting up VSFTPD with chroot on an Ubuntu 14.04 (LTS) server. No matter what I try, I keep being allowed to freely navigate the server.
Here is my /etc/vsftpd.conf file (stripped of the commented parts):
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
# CHROOT'ING
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
ssl_enable=Yes
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
The file /etc/vsftpd.chroot_list contains just the user ftpuser, with the intent of him being allowed to navigate all the server.
For test purposes I create the user 'user1'. When I sftp user1@ftp-server I log in to its /home/user1. But, still, I can navigate all the server without any jailing.
What am I doing wrong?
EDIT: vsftpd version: 3.0.2
UPDATE:
The problem doesn't seem related to chroot at all. Actually it works just fine under the FTP protocol. I suppose the SSH server intercepts incoming connections on port 22, so they aren't dispatched to vsftpd. Just a guess.
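For sessions that vsftpd itself serves, the combination of chroot_local_user and chroot_list_enable decides who is jailed: with both set to YES, as in the configuration above, the list file names the users who are exempt from the chroot. The following is an added example, not part of the original post; the function names are hypothetical and the sample inputs are constructed from the chroot lines of the posted configuration.

```python
# Added example (not from the original post): which local users vsftpd jails.
# Constructed sample: the chroot-related lines of the /etc/vsftpd.conf above.
SAMPLE_CONF = """\
# CHROOT'ING
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
SAMPLE_CHROOT_LIST = "ftpuser\n"  # constructed: the list file's single entry


def parse_conf(text):
    """Parse vsftpd.conf 'option=value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key] = value
    return opts


def enabled(opts, key):
    """Both chroot options default to NO; case-insensitive match is an assumption."""
    return opts.get(key, "NO").upper() == "YES"


def is_jailed(user, opts, listed_users):
    """Apply the documented rule: the list holds exceptions to the default."""
    jail_by_default = enabled(opts, "chroot_local_user")
    if enabled(opts, "chroot_list_enable") and user in listed_users:
        return not jail_by_default
    return jail_by_default


def report(conf_text, list_text, users):
    """Return {user: True if chrooted to the home directory}."""
    opts = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    return {u: is_jailed(u, opts, listed) for u in users}


if __name__ == "__main__":
    result = report(SAMPLE_CONF, SAMPLE_CHROOT_LIST, ["user1", "ftpuser"])
    for user, jailed in result.items():
        print(f"{user}: {'chrooted to home' if jailed else 'not chrooted'}")
```

Setting chroot_local_user=NO while keeping chroot_list_enable=YES inverts the meaning of the list, so the same file would then jail ftpuser and leave user1 free.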